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EXAMINER'S ANSWER 



This is in response to the appeal brief filed 7/23/08 appealing from the Office action mailed 
3/24/08. 



(1) Real Party in Interest 

A statement identifying by name the real party in interest is contained in the brief. 
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Art Unit: 2141 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial proceedings 
which will directly affect or be directly affected by or have a bearing on the Board's decision in 
the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection contained in 
the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is correct. 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 



(8) Evidence Relied Upon 

20050050335 Liang et al 3-2005 

2003/02 12779 Boyter et al 11-2003 

2005/0015760 Ivanov et al 1-2005 
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6993448 



Tracy et al 



1-2006 



2001/0047407 



Moore et al 



11-2001 



2004/0268145 



Watkins et al 



12-2004 



6546493 



Magdych et al 



4-2003 



2006/0010492 



Heintz et al 



12-2006 



(9) Grounds of Rejection 



The following ground(s) of rejection are applicable to the appealed claims: 



Claim Rejections - 35 USC §103 



3. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

4. Claims 1-4, 6-10, 12, 14-18, 20-24, 31, 36 and 44 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over U.S. Patent Application No. 2003/0212779 to Boyter et al in view of 
U.S. Patent Application No. 2005/0050335 to Liang et al. 

a. As per claim 1 and 15, Boyter et al teaches a system and method for network security 
scanning. Furthermore, Boyter et al teaches a method for scanning network devices connected to 
a network, comprising: (a) detecting connection of a first network device to the network (See 
page 4, paragraph [0024], when a new host, or a new port on an existing host is found it is placed 
at the top of the priority list to be scanned immediately); However, Boyter et al fails to teach 
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performing remote agentless scanning of internal files and data within the internal files on the 
first network device to determine internal security settings therefrom, the remote agentless 
scanning being performed automatically in response to detection of the first network device to 
thereby avoid downloading a software agent to the first network device; (c) comparing the 
internal security settings determined through the remote agentless scanning with predefined 
settings to determine compliance therewith; and (d) automatically performing a remote 
installation of a security software program on the first network device if the internal security 
settings are not in compliance with the predefined network settings. 

Liang et al teaches a performing remote agentless scanning of internal files and data 
within the internal files on the first network device to determine internal security settings 
therefrom, the remote agentless scanning being performed automatically in response to detection 
of the first network device to thereby avoid downloading a software agent to the first network 
device; (c) comparing the internal security settings determined through the remote agentless 
scanning with predefined settings to determine compliance therewith; and (d) automatically 
performing a remote installation of a security software program on the first network device if the 
internal security settings are not in compliance with the predefined network setting (See page 10, 
paragraph [0093-0097]). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate the teaching of Liang et al in the claimed invention of Boyter et al in 
order to provide an anti-virus method ad system having multilevel anti- virus functions for 
anticipating and detecting computer virus outbreak (See page 2, paragraph [0013]). 
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b. As per claim 2, Boyter et al in view of Liang et al teaches the claimed invention as 
described above. Furthermore, Boyter et al teaches wherein step (a) further comprises inspecting 
data packets communicated over the network (See page 2, paragraph [0012])) 

c. As per claims 3, Boyter et al in view of Liang et al teaches the claimed invention as 
described above. Furthermore, Boyter et al teaches wherein the detecting step further comprises 
querying a database (See page 2, paragraph [0012], accessing a control database for determining 
designated address, storing the status of each active host and inactive host in the control 
database). 

d. As per claim 4, Boyter et al in view of Liang et al teaches the claimed invention as 
described above. Furthermore, Boyter et al teaches broadcasting pings on the network, 
continuously examining address resolution protocol tables, continuously monitoring event logs, 
transmitting a Lightweight Directory Access Protocol (LDAP) query, and transmitting a Domain 
Name System query (See page 10) 

e. As per claim 6, Boyter et al in view of Liang et al teaches the claimed invention as 
described above. Furthermore, Boyter et al teaches wherein step (b) further comprises 
determining a property of the first network device (See page 9, paragraph [0053]). 
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f. As per claim 7, Boyter et al in view of Liang et al teaches the claimed invention as 
described above. Furthermore, Boyter et al teaches wherein step (b) further comprises 
determining an identity of the first network device (See page 9, paragraph [0053]). 

g. As per claim 8, Boyter et al in view of Liang et al teaches the claimed invention as 
described above. Furthermore, Boyter et al teaches wherein the determining of the identity of 
the first network device further comprises at least one of querying a database where the type has 
been determined, examining network traffic, analyzing network behavior, probing the first 
network device for signature responses, attempting to log into the device using a series of 
protocols, logging into the first network device and querying data within the device (See page 2, 
paragraph [0012] and page 5, paragraph [0031]). 

h. As per claim 9, Boyter et al in view of Liang et al teaches the claimed invention as 
described above. Furthermore, Boyter et al teaches scanning at least one of a configuration, file, 
data, a software version, a patch, inventory, hardware, and a security vulnerability of the first 
network device (See page 5, paragraph [0031]). 

i. As per claim 10, Boyter et al in view of Liang et al teaches the claimed invention as 
described above. Furthermore, Boyter et al wherein step (b) further comprises 
updating at least one of a configuration, file, data, a software version, inventory, and 

a security vulnerability of the first network device (See page 2, paragraph [0012] and page 5, 
paragraph [0031]). 
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j. As per claim 12, Boyter et al in view of Liang et al teaches the claimed invention as 
described above. Furthermore, Boyter et al teaches wherein step (b) further determining if the 
first network device is part of a windows domain (See page 3, paragraph [0021] and page 9, 
paragraph [0053]). 



k. As per claims 14 and 20, Boyter et al in view of Liang et al teaches the claimed invention 
as described above. Furthermore, Boyter et al teaches at least one of setting a security policy on 
the first network device, auditing the security policy of the first network device, ensuring 
compliance with a predetermined security policy, and reporting result (See page 5, paragraph 
[0031]). 



1. As per claim 16, Boyter et al in view of Liang et al teaches the claimed invention as 
described above. Furthermore, Boyter et al teaches in view of Watkins et al fails to teach 
wherein the detecting module continuously polls a database for data corresponding to newly 
attached network devices (See page 



m. As per claim 17, Boyter et al in view of Liang et al teaches the claimed invention as 
described above. Furthermore, Boyter et al teaches wherein the scanning module remotely scans 
the first network device upon detecting data corresponding to the first network device in the 
database (See page 4, paragraph [0027]). 
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n. As per claim 18, Boyter et al in view of Liang et al teaches the claimed invention as 
described above. Furthermore, Boyter et al teaches a history database storing scan results of a 
scan performed by the scanning module (See page 5, paragraph [0031]). 

o. As per claim 21, Boyter et al teaches a method for examining a first network device 
connected to a network, comprising: (a) querying a database for data representing connection of 
network devices to a network (Sec page 2. paragraph [0012](b) determining connection of a first 
network device to the network by locating data about the first network device in the database 
(See page 2, paragraph [0012] and page 6, paragraph [0012]) (c) determining properties 
associated with the first network device to determine the identity of the first network device (See 
pages 4 and 5, paragraph [0028] and page 9, paragraph [0053]); (d) determining items to scan 
based on at least one of the properties (See page 5, paragraph [003 1 ]); However, Boyter et al 
fails to teach performing remote agentless scanning of internal files and data within the internal 
files on the first network device to determine internal security settings therefrom, the remote 
agentless scanning being performed automatically in response to detection of the first network 
device to thereby avoid downloading a software agent to the first network device. 

Liang et al teaches performing remote agentless scanning of internal files and data within 
the internal files on the first network device to determine internal security settings therefrom, the 
remote agentless scanning being performed automatically in response to detection of the first 
network device to thereby avoid downloading a software agent to the first network device (See 
page 10, paragraph [0093-0097]). 
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It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate the teaching of Liang et al in the claimed invention of Boyter et al in 
order to provide an anti-virus method ad system having multilevel anti- virus functions for 
anticipating and detecting computer virus outbreak (See page 2, paragraph [0013]). 

p. As per claim 22, Boyter et al in view of Liang et al teaches the claimed invention as 
described above. Furthermore, Boyter et al teaches wherein step (c) further comprises 
determining at least one of credentials associated with the first network device and type of the 
first network device (Sec page 4, paragraph [0028] and page 9, paragraph [0053]). 

q. As per claim 23, Boyter et al in view of Liang et al teaches the claimed invention as 
described above. Furthermore, Boyter et al teaches wherein step (c) further comprises at least 
one of querying a database where the identity has already been determined, examining network 
traffic, analyzing network behavior, probing the device for signature responses, and logging into 
the device to query data (See page 2, paragraph [0012]). 

r. As per claim 24, Boyter et al in view of Liang et al teaches the claimed invention as 
described above. Furthermore, Boyter et al teaches wherein step (e) further comprises selecting 
a set of security policy settings to audit (See page 10, paragraph [0055]). 
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s. As per claims 3 1 and 36, Boyter et al in view of Liang et al teaches the claimed invention 
as described above. However, Boyter et al to teach wherein the scanning of internal files and 
data in step (b) comprises scanning software patch. 

Liang et al teaches wherein the scanning of internal files and data in step (b) comprises 
scanning a software patch (See page 3, paragraph [0033]). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate the teaching of Liang in the claimed invention of Boyter et al in order 
to implement patching of security vulnerabilities in program file in an automatic, 
comprehensive, reliable and regression free manner (See page 1, paragraph [0008]). 

t. As per claim 44, Boyter et al in view of Liang et al teaches the claimed invention as 
described above. However, Boyter et al fails to teach comparing the internal security settings 
determined through the remote agentless scanning of internal files and data with predefined 
security settings to determine compliance therewith. 

Liang et al teaches comparing the internal security settings determined through the 
remote agentless scanning of internal files and data with predefined security settings to 
determine compliance therewith (See page 10, paragraph [0093-0097]). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate the teaching of Ivanov in the claimed invention of Boyter et al in order 
to implement patching of security vulnerabilities in program file in an automatic, 
comprehensive, reliable and regression free manner (See page 1, paragraph [0008]). 
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5. Claims 38 and 41 are rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. 
Patent Application No. 2003/0212779 to Boyter et al in view of U.S. Patent Application No. 
2005/00500335 to Liang et al as applied to claim 1 above, and further in view of U.S. Patent 
Application No. 20050015760 to Ivanov et al. 

a. As per claims 38 and 41, Boyter et al in view of Liang et al teaches the claimed invention 
as described above. However, Boyter et al fails to teach wherein automatically performing a 
remote installation of a security software program in step (d) comprises installing a new version 
of the software patch. 

Ivanov et al teaches wherein automatically performing a remote installation of a security 
software program in step (d) comprises installing a new version of the software patch (See 
page3, paragraph [0033]). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate the teaching of Ivanov in the claimed invention of Boyter et al in view 
of Liang et al in order to implement patching of security vulnerabilities in program file in an 
automatic, comprehensive, reliable and regression free manner (See page 1, paragraph [0008]). 

6. Claims 27-30 and 33-34 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
U.S. Patent Application No. 2003/0212779 to Boyter et al in view of U.S. Patent Application No. 
2005/00500335 to Liang et al as applied to claim 1 above, and further in view of U.S. Patent No. 
6, 993448 to Tracy et al. 
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a. As per claim 27 and 33, Boyter et al in view of Liang et al teaches the claimed invention 
as described above. However, Boyter et al in view of Liang et al fails to teach wherein the 
scanning of internal files and data in step (b) comprise scanning a stored configuration of 
hardware and software on the first network device. 

Tracy et al teaches wherein the scanning of internal files and data in step (b) comprise 
scanning a stored configuration of hardware and software on the first network device (See col. 7, 
lines 53-58). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate the teaching of Tracy et al in the claimed invention of Boyter et al in 
view of Liang et al in order to automate the network configuration data collection process of 
performing security risk assessment (See col. 1, lines 65-67 and col. 2, lines 1-2). 

b. As per claims 28 and 29, Boyter et al in view of Liang et al teaches the claimed invention 
as described above. However, Boyter et al in view of Liang fails to teach wherein the scanning 
of internal files and data in step (b) comprises scanning for incorrectly configured hardware and 
software. 

Tracy et al teaches wherein the scanning of internal files and data in step (b) comprises 
scanning for incorrectly configured hardware and software (See col. 15, lines 7-43). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate the teaching of Tracy et al in the claimed invention of Boyter et al in 
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view of Liang in order to automate the network configuration data collection process of 
performing security risk assessment (See col. 1, lines 65-67 and col. 2, lines 1-2). 

c. As per claims 30 and 34, Boyter et al in view of Liang et al teaches the claimed invention 
as described above. However, Boyter et al in view of Liang fails to teach wherein the scanning 
of internal files and data in step (b) comprises scanning to determine a software version. 

Tracy et al teaches wherein the scanning of internal files and data in step (b) comprises 
scanning to determine a software version (See col. 7, lines 26-30). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate the teaching of Tracy et al in the claimed invention of Boyter et al in 
view of Liang in order to automate the network configuration data collection process of 
performing security risk assessment (See col. 1, lines 65-67 and col. 2, lines 1-2). 

7. Claims 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. Patent 
Application No. 2003/0212779 to Boyter et al in view of U.S. Patent Application No. 
2005/0050335 to Liang et al as applied to claim 1 and 15 above, and further in view as applied to 
claim 1 above, and further in view of U.S. Patent Application No. 2001/0047401 to Moore et al. 

a. As per claim 5, Boyter et al in view of Liang et al teaches the claimed invention as 
described above. However, Boyter et al in view of Liang et al fails to teach wherein step (b) 
further comprises determining at least one of whether the first network device is plugged into a 
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wall socket, whether the first network device is connecting to the network via wireless access, 
and whether the first network device is connecting to the network via a Virtual Private Network. 

Moore et al teaches a system and methods for determining the physical location of a 
computer's network interface. Furthermore, Moore et al teaches determining at least one of 
whether the first network device is plugged into a wall socket, whether the first network device is 
connecting to the network via wireless access, and whether the first network device is connecting 
to the network via a Virtual Private Network (See page 9, paragraph [01 11]). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate determining at least one of whether the first network device is plugged 
into a wall socket, whether the first network device is connecting to the network via wireless 
access, and whether the first network device is connecting to the network via a Virtual Private 
Network as taught by Moore et al in the claimed invention of Boyter et al in view of Liang et al 
in order to determine the connectivity type of the networks (See page 9, paragraph [0112] 

8. Claims 13, 19 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. 
Patent Application No. 2003/0212779 to Boyter et al in view of U.S. Patent Application No. 
2005/0050335 to Liang et al as applied to claim 1 and 15 above, and further in view of U.S. 
Patent Application No. 2004/0268145 to Watkins et al. 

a. As per claims 13, 19 and 25, Boyter et al in view of Liang et al teaches the claimed 
invention as described above. However, Boyter et al in view of Liang et al fails to teach at least 
one of enabling the first network device to have additional access to the network, denying the 
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first network device access to the network, notifying another about the first network device based 
on results of the scan, and quarantining the first network device. 

Watkins et al teaches one of enabling the first network device to have additional access to 
the network, denying the first network device access to the network, notifying another about the 
first 1, paragraph [0009], the results of these checks are returned via the web and are used for 
security decisions involving the granting of authorization to access network services). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate at least one of enabling the first network device to have additional 
access to the network, denying the first network device access to the network, notifying another 
about the first network device based on results of the scan, and quarantining the first network 
device as taught by Watkins et al in the claimed invention of Chari et al in order to provide a 
reliable client integrity scheme that can consistently regulate access to network services or 
resources on the observed integrity properties of remote network devices requesting access (See 
page 1, paragraph [0007]). 

9. Claims 32 and 37 are rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. 
Patent Application No. 2003/0212779 to Boyter et al in view of U.S. Patent Application No. 
2005/0050335 to Liang et al as applied to claim 1 and 15 above, and further in view as applied to 
claims 1 and 15 above, and further in view of U.S. Patent No. 6, 546493 to Medic et al. 
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a. As per claim 32 and 37, Boyter et al in view of Liang et al teaches the claimed invention 
as described above. However, Boyter et al in view of Liang et al fails to teach wherein the 
scanning of internal files and data in step (b) comprises scanning for viruses. 

Medic et al teaches a system and method for risk assessment scanner. Furthermore, 
Magdych et al teaches wherein the scanning of internal files and data in step (b) comprises 
scanning for viruses (See col. 3, lines 35-49, col. 5, lines 61-67, col. 6, lines col. I, lines 60-67). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate the teaching of Magdych into the claimed invention of Boyter et al in 
view of Liang et al in order to identify the vulnerabilities as the source (See col. 2, lines 30-31). 

10. Claims 39, 42 and 45 are rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. 
Patent Application No. 2003/0212779 to Boyter et al in view of U.S. Patent Application No. 
2005/0050335 to Liang et al as applied to claim 1 and 15 above, and further in view as applied to 
claims 1 and 15 above, and further in view of U.S. Patent Application No. 2005/0050335 to 
Liang et al. 

a. As per claims 39, 42 and 45, Boyter et al in view of Liang et al teaches the claimed 
invention as described above. However, Boyter et al in view of Liang et al fails to teach 
wherein the scanning of internal files and data in step (b) comprises searching for a 
predetermined anti-virus software, and wherein automatically performing a remote installation of 
a security software program in step (d) comprises installing the predetermined anti-virus 
software if the predetermined anti-virus software is not found in step (b). 
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Liang et al teaches comprises searching for a predetermined anti-virus software, 
and wherein automatically performing a remote installation of a security software program in 
step (d) comprises installing the predetermined anti-virus software if the predetermined anti- 
virus software is not found in step (b) (See page 5, paragraph [0054-0055]). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate the teaching of Liang et al in the claimed invention of Boyter et al in 
view of Liang et al in order to provide the client device with the appropriate anti-virus software 
(See page 5, paragraph [0054]). 

1 1 . Claims 40, 43 and 46 are rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. 
Patent Application No. 2003/0212779 to Boyter et al in view of U.S. Patent Application No. 
2005/0050335 to Liang et al as applied to claim 1 and 15 above, and further in view as applied to 
claims 1 and 15 above, and further in view of U.S. Patent Application No. 2006/0010492 to 
Heintz et al. 

a. As per claims 40, 43 and 46, Boyter et al in view of Liang et al teaches the claimed 
invention as described above. However, Boyter et al in view of Liang et al fails to teach wherein 
the scanning of internal files and data in step (b) comprises determining whether firewall 
software is installed, and wherein automatically performing a remote installation of a security 
software program in step (d) comprises installing the firewall software if it is determined in step 
(b) that the firewall software has not yet been installed. 
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Heintz et al teaches wherein the scanning of internal files and data in step (b) comprises 
determining whether firewall software is installed, and wherein automatically performing a 
remote installation of a security software program in step (d) comprises installing the firewall 
software if it is determined in step (b) that the firewall software has not yet been installed (See 
page 2, paragraph [0024]). 

It would have been obvious to one with ordinary skill in the art at the time the invention 
was made to incorporate the teaching of Heintz et al in the claimed invention of Boyter et al in 
view of Liang et al in order to monitor the activity of a user on a network component (See page 
1, paragraph [0009]). 

(10) Response to Argument 

A The examiner has not established a Prima Facie case of obviousness with respect to 
claims 1, 3, 4, 6-10, 12, 14-18, 20-24, 31, 36 and 44. 

1. The Examiner did not accurately resolve the Graham factual inquiries 

Appellant argues that Liang fails to teach "remote agentless scanning". However, Liang teaches 
wherein if it is determined that the visitor client device 125 does not have the appropriate anti- 
virus software installed, then access to all addresses other than an anti-virus software installation 
server 138 are blocked until a scan is made of the memory of the visitor client device 125 by a 
virus scan server module 142 (See page 5, paragraph [0058]). Furthermore, Appellant argues 
that Liang does not address detecting the connection of the new client device to the network. 



Application/Control Number: 10/683,564 Page 19 

Art Unit: 2141 

However, The Examiner respectfully disagrees with Appellant's assertion. Liang teaches 
wherein the process 1300 begins at 1302 by the visitor client device being connected to a visitor 
port included in a portion of the network being monitored. At 1304, a determination is made 
whether or not the visitor client device complies with the latest network anti-virus policies 
including acceptable anti-virus software ... If, on the other hand, the visitor client device is 
determined to be non-compliant, then at 1308 the visitor client device is scanned for any active 
or latent virus infections. If the scanned visitor client device passes the virus scan at 1310, then 
the visitor client device is granted the use token at 1306, otherwise, a determination is made at 
1312 whether or not connecting the visitor client device to the network is to continue (Sec 
paragraph [0092-0093]). Liang addresses the teaching of "detecting connection of a first 
network device to the network" and clearly accentuates the teaching of Boyter et al of detecting a 
connection of a network device to a network (See page 4, paragraph [0024]). 

In response to applicant's argument that the references fail to show certain features of 
applicant's invention, it is noted that the features upon which applicant relies (i.e., computers that 
ordinarily connect to the network using transient means, such as virtual private network 
connection or using a wireless access point) are not recited in the rejected claim(s). Although the 
claims are interpreted in light of the specification, limitations from the specification are not read 
into the claims. See In re Van Geuns, 988 F.2d 1 181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

Appellant argues that Liang does not determine internal security settings of a network 
device by performing remote agentless scanning. The Examiner agrees with Appellant that 
Liang teaches that "a determination is made whether or not a proper set of anti-virus policies and 
protocols are in place. However, the Examiner disagrees with Appellant that Liang's procedure 
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does not teach that the determination is made through remote agentless scanning. As one with 
ordinary skill in the art knows, "remote agentless scanning" is done remotely from a server or 
host without any software or agent being installed on the device. Indeed, in Liang after it is 
determined that the visitor client device 125 does not have the appropriate anti-virus software 
installed, then access to all addresses other than an anti -virus software installation server 138 are 
blocked until a scan is made of the memory of the visitor client device 125 by a virus scan server 
module 142 (See page 5, paragraph [0058]). Thus, with respect to Appellant's argument Boyter 
in view of Liang clearly teaches performing remote agentless scanning to determine internal 
security settings. 

Appellant argues that Liang teaches "upon receiving the query 140, each of the client 
device checks for confirmation that the appropriate anti-virus software is indeed present" (See 
paragraph [0055]). The citation that Appellant is referring to is indeed taking place in the 
process of Liang but only after a device has connected to the network and a determination of 
the security settings of the device are made. Liang will proceed to the remote installation of 
the software after determining that no software is present. The Examiner respectfully 
disagrees with Appellant taking a citation out of context from the prior art of Liang to present 
the cited above argument. Liang clearly teaches "In those situations where a client device is 
found to not have the appropriate anti-virus software installed, virus monitor 102 has any number 
of options for response. In most cases, virus monitor 102 will direct the target client device (i.e., 
the client device found to not have the appropriate anti-virus software) to an anti-virus 
installation server 138 (which may actually be the server 128) and block any traffic to/from the 
target client device and all other addresses until such time as the appropriate anti-virus software 
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has been properly installed. For example, virus monitor 102-1 sends a query 140 to each of the 
client devices 110-116 requesting confirmation that each has installed therein the appropriate 
anti-virus software as determined by the policies contained in the OPP file 135. Upon receiving 
the query 140, each of the client devices checks for confirmation that the appropriate anti-virus 
software is indeed present. [See paragraph [0053-0055]). 

2. The examiner has not articulated reasoning with some rational underpinning to 
support the legal conclusion of obviousness. In response to applicant's argument that there is 
no suggestion to combine the references, the examiner recognizes that obviousness can only be 
established by combining or modifying the teachings of the prior art to produce the claimed 
invention where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in the art. 
See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re Jones, 958 F.2d 347, 
21 USPQ2d 1941 (Fed. Cir. 1992). In this case, it would have been obvious to one with ordinary 
skill in the art at the time the invention was made to incorporate the teaching of "remote 
agentless scanning" of Liang in the claimed invention of Boyter et al in order to provide anti- 
virus functions for anticipating and detecting computer virus outbreak. (See page 2, paragraph 
[0013]). The Examiner has clearly established a prima facie case of obviousness. 



B. Neither Boyter nor Liang teaches inspecting Data Packets communicated over the 
network such as recited in claim 2. 
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As per claim 2, Appellant argues that Boyter fails to teach inspecting data packets to 
detect connection of network device. However, Boyter clearly teaches wherein The Host 
Scanner Daemon 130 sends a TCP SYN packet to every host on the list while listening for 
responses in a separate thread (See paragraph [0012 and 0053]). 



(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the Related 
Appeals and Interferences section of this examiner's answer. 

For the above reasons, it is believed that the rejections should be sustained. 
Respectfully submitted, 



/Djenane M Bayard/ 

Examiner, Art Unit 2141 

/William C. Vaughn, Jr./ 

Supervisory Patent Examiner, Art Unit 2144 
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